Beispiel #1
0
    def __init__(self, title, key, **kwargs):
        super().__init__(title, **kwargs)

        name = self.title  # Ex. BucketStatic
        # need to specify key cause there is a problem regarind Bucket Names
        # key in common.yml and Bucket dict (RP_to_cfg)
        auto_get_props(self, key=key)
        self.Condition = name
        self.BucketName = Sub(bucket_name)
        self.CorsConfiguration = If(
            f"{name}Cors",
            s3.CorsConfiguration(CorsRules=[
                s3.CorsRules(
                    AllowedHeaders=["Authorization"],
                    AllowedMethods=["GET"],
                    AllowedOrigins=["*"],
                    MaxAge=3000,
                )
            ]),
            Ref("AWS::NoValue"),
        )

        self.VersioningConfiguration = If(
            f"{name}Versioning",
            s3.VersioningConfiguration(
                Status=get_endvalue(f"{name}Versioning")),
            Ref("AWS::NoValue"),
        )
Beispiel #2
0
def render_s3(context, template):
    for bucket_name in context['s3']:
        props = {
            'DeletionPolicy':
            context['s3'][bucket_name]['deletion-policy'].capitalize(),
            'Tags':
            s3.Tags(**aws.generic_tags(context, name=False)),
        }
        bucket_title = _sanitize_title(bucket_name) + "Bucket"
        if context['s3'][bucket_name]['cors']:
            # generic configuration for allowing read-only access
            props['CorsConfiguration'] = s3.CorsConfiguration(CorsRules=[
                s3.CorsRules(AllowedHeaders=['*'],
                             AllowedMethods=['GET', 'HEAD'],
                             AllowedOrigins=['*'])
            ])
        if context['s3'][bucket_name]['website-configuration']:
            index_document = context['s3'][bucket_name][
                'website-configuration'].get('index-document', 'index.html')
            props['WebsiteConfiguration'] = s3.WebsiteConfiguration(
                IndexDocument=index_document)
            _add_bucket_policy(template, bucket_title, bucket_name)

        if context['s3'][bucket_name]['public']:
            _add_bucket_policy(template, bucket_title, bucket_name)
            props['AccessControl'] = s3.PublicRead

        if context['s3'][bucket_name]['encryption']:
            props['BucketEncryption'] = _bucket_kms_encryption(
                context['s3'][bucket_name]['encryption'])

        template.add_resource(
            s3.Bucket(bucket_title, BucketName=bucket_name, **props))
Beispiel #3
0
    def add_cors_rule(self, name, headers, methods, origins, age, **kwargs):

        rule = s3.CorsRules(AllowedHeaders=headers,
                            AllowedMethods=methods,
                            AllowedOrigins=origins,
                            MaxAge=age,
                            Id=name)
        self.cors_rules.append(rule)
    def create_s3_resources(self):
        s3_bucket = self.add_resource(
            s3.Bucket('s3TileCacheBucket',
                      BucketName=Join(
                          '.',
                          ['tile-cache',
                           Ref(self.public_hosted_zone_name)]),
                      AccessControl=s3.PublicRead,
                      CorsConfiguration=s3.CorsConfiguration(CorsRules=[
                          s3.CorsRules(
                              AllowedOrigins=['*'],
                              AllowedMethods=['GET'],
                              MaxAge=3000,
                              AllowedHeaders=['*'],
                          )
                      ])))

        self.add_resource(
            s3.BucketPolicy(
                's3TileCacheBucketPolicy',
                Bucket=Ref(s3_bucket),
                PolicyDocument={
                    'Statement': [{
                        'Action': ['s3:GetObject'],
                        'Effect': 'Allow',
                        'Resource': {
                            'Fn::Join':
                            ['', ['arn:aws:s3:::',
                                  Ref(s3_bucket), '/*']]
                        },
                        'Principal': '*'
                    }]
                }))

        self.add_resource(
            r53.RecordSetGroup(
                'dnsPublicRecordsCache',
                HostedZoneName=Join('',
                                    [Ref(self.public_hosted_zone_name), '.']),
                RecordSets=[
                    r53.RecordSet('dnsTileServersCache',
                                  AliasTarget=r53.AliasTarget(
                                      AMAZON_S3_HOSTED_ZONE_ID,
                                      AMAZON_S3_WEBSITE_DOMAIN,
                                      True,
                                  ),
                                  Name=Join('', [
                                      'tile-cache.',
                                      Ref(self.public_hosted_zone_name), '.'
                                  ]),
                                  Type='A')
                ]))
Beispiel #5
0
def render_s3(context, template):
    for bucket_name in context['s3']:
        props = {
            'DeletionPolicy':
            context['s3'][bucket_name]['deletion-policy'].capitalize()
        }
        bucket_title = _sanitize_title(bucket_name) + "Bucket"
        if context['s3'][bucket_name]['cors']:
            # generic configuration for allowing read-only access
            props['CorsConfiguration'] = s3.CorsConfiguration(CorsRules=[
                s3.CorsRules(AllowedHeaders=['*'],
                             AllowedMethods=['GET', 'HEAD'],
                             AllowedOrigins=['*'])
            ])
        if context['s3'][bucket_name]['website-configuration']:
            index_document = context['s3'][bucket_name][
                'website-configuration'].get('index-document', 'index.html')
            props['WebsiteConfiguration'] = s3.WebsiteConfiguration(
                IndexDocument=index_document)
            template.add_resource(
                s3.BucketPolicy("%sPolicy" % bucket_title,
                                Bucket=bucket_name,
                                PolicyDocument={
                                    "Version":
                                    "2012-10-17",
                                    "Statement": [{
                                        "Sid":
                                        "AddPerm",
                                        "Effect":
                                        "Allow",
                                        "Principal":
                                        "*",
                                        "Action": ["s3:GetObject"],
                                        "Resource":
                                        ["arn:aws:s3:::%s/*" % bucket_name]
                                    }]
                                }))
        template.add_resource(
            s3.Bucket(bucket_title, BucketName=bucket_name, **props))
Beispiel #6
0
    def __init__(self, title, key, **kwargs):
        super().__init__(title, **kwargs)

        name = self.title  # Ex. BucketStatic
        auto_get_props(self, key, recurse=True)
        self.Condition = name
        self.BucketName = Sub(bucket_name)
        self.CorsConfiguration = If(
            f'{name}Cors',
            s3.CorsConfiguration(CorsRules=[
                s3.CorsRules(AllowedHeaders=['Authorization'],
                             AllowedMethods=['GET'],
                             AllowedOrigins=['*'],
                             MaxAge=3000)
            ]), Ref('AWS::NoValue'))
        self.ReplicationConfiguration = If(
            f'{name}Replica',
            S3ReplicationConfiguration(name=name, key=key),
            Ref('AWS::NoValue'),
        )
        self.VersioningConfiguration = If(
            f'{name}Versioning',
            s3.VersioningConfiguration(
                Status=get_endvalue(f'{name}Versioning')), Ref('AWS::NoValue'))
Beispiel #7
0
#
t.add_condition('HasCorsOrigin', Not(Equals(Ref(param_cors_origin), '')))

#
# Resource
#

bucket = t.add_resource(
    s3.Bucket(
        'Bucket',
        CorsConfiguration=If(
            'HasCorsOrigin',
            s3.CorsConfiguration(CorsRules=[
                s3.CorsRules(
                    AllowedHeaders=['*'],
                    AllowedMethods=['GET', 'PUT', 'HEAD', 'POST', 'DELETE'],
                    AllowedOrigins=[Ref(param_cors_origin)],
                )
            ]), Ref(AWS_NO_VALUE))))

t.add_resource(
    s3.BucketPolicy(
        'BucketPolicy',
        Bucket=Ref(bucket),
        PolicyDocument={
            'Version':
            '2012-10-17',
            'Id':
            'CdnAccessPolicy',
            'Statement': [{
                'Sid': '1',
Beispiel #8
0
t.add_parameter(Parameter('MySQLUser', Type='String'))
t.add_parameter(Parameter('MySQLPass', Type='String'))
t.add_parameter(Parameter('NodeEnv', Type='String'))
t.add_parameter(Parameter('KeycloakServerURL', Type='String'))
t.add_parameter(Parameter('KeycloakRealm', Type='String'))
t.add_parameter(Parameter('KeycloakClientID', Type='String'))
t.add_parameter(Parameter('KeycloakClientSecret', Type='String'))
t.add_parameter(Parameter('AwsKmsCmk', Type='String'))

# Create S3 Bucket
accountMediaBucket = t.add_resource(s3.Bucket(
    'AccountMedia',
    CorsConfiguration = s3.CorsConfiguration(CorsRules = [
        s3.CorsRules(
            AllowedHeaders = ['*'],
            AllowedMethods = ['GET', 'POST'],
            AllowedOrigins = ['*'],
        )
    ]),
))

# Lambda Variables

lambdaSrcPath = '../.'
lambdaHandlerPath = 'src/lambda/'
nodeRuntime = 'nodejs8.10'

lambdaVpcConfig = awslambda.VPCConfig(
    None,
    SecurityGroupIds=[
        ImportValue(Sub('${CoreStack}-RDS-Access-SG-ID')),